package fuzion24.device.vulnerability.vulnerabilities.framework.securerandom;

import android.content.Context;
import android.util.Log;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;

import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;

public class SecureRandomTest implements VulnerabilityTest{
    /*
        Patched:
        https://android.googlesource.com/platform/libcore/+/ab6d7714b47c04cc4bd812b32e6a6370181a06e4%5E%21/#F0

        Details:
        http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
        http://www.cvedetails.com/cve/CVE-2013-7372/
     */
    @Override
    public String getCVEorID() {
        return "CVE-2013-7372";
    }

    @Override
    public List<CPUArch> getSupportedArchitectures() {
        ArrayList<CPUArch> archs = new ArrayList<>();
        archs.add(CPUArch.ALL);
        return archs;
    }



    @Override
    public boolean isVulnerable(Context context) throws Exception {
       long [] histogram = new long[256];

       for(int i = 0; i < histogram.length; i++){
           histogram[i] = 0;
       }

        byte[] buf = new byte[0x1000];
        for(int i = 0; i < 1000; i++) {
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
            sr.nextBytes(buf);

            for(int j = 0; j < buf.length; j++)
                histogram[buf[j] & 0xFF]++;
        }

       for(int i = 0; i < histogram.length; i++)
           Log.d("Histogram", "i " + i + " : " + histogram[i]);

       return false;
    }

}
